Use single shared random string generation function (#15741)

* Use single shared random string generation function - Replace 3 functions that do the same with 1 shared one - Use crypto/rand over math/rand for a stronger RNG - Output only alphanumerical for URL compatibilty Fixes: #15536 * use const string method * Update modules/avatar/avatar.go Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: a1012112796 <1012112796@qq.com>
2025-06-01 15:55:15 +08:00 · 2021-05-10 08:45:17 +02:00
parent 270aab429e
commit 1e6fa57acb
15 changed files with 100 additions and 192 deletions
--- a/models/migrations/v71.go
+++ b/models/migrations/v71.go
@ -8,8 +8,8 @@ import (
 	"crypto/sha256"
 	"fmt"

-	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"

 	"golang.org/x/crypto/pbkdf2"
 	"xorm.io/xorm"
@ -53,7 +53,7 @@ func addScratchHash(x *xorm.Engine) error {

 		for _, tfa := range tfas {
 			// generate salt
-			salt, err := generate.GetRandomString(10)
+			salt, err := util.RandomString(10)
 			if err != nil {
 				return err
 			}
--- a/models/migrations/v85.go
+++ b/models/migrations/v85.go
@ -7,9 +7,9 @@ package migrations
 import (
 	"fmt"

-	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"

 	"xorm.io/xorm"
 )
@ -65,7 +65,7 @@ func hashAppToken(x *xorm.Engine) error {

 		for _, token := range tokens {
 			// generate salt
-			salt, err := generate.GetRandomString(10)
+			salt, err := util.RandomString(10)
 			if err != nil {
 				return err
 			}
--- a/models/token.go
+++ b/models/token.go
@ -10,8 +10,8 @@ import (
 	"time"

 	"code.gitea.io/gitea/modules/base"
-	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"

 	gouuid "github.com/google/uuid"
 )
@ -40,7 +40,7 @@ func (t *AccessToken) AfterLoad() {

 // NewAccessToken creates new access token.
 func NewAccessToken(t *AccessToken) error {
-	salt, err := generate.GetRandomString(10)
+	salt, err := util.RandomString(10)
 	if err != nil {
 		return err
 	}
--- a/models/twofactor.go
+++ b/models/twofactor.go
@ -11,10 +11,10 @@ import (
 	"encoding/base64"
 	"fmt"

-	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/secret"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"

 	"github.com/pquerna/otp/totp"
 	"golang.org/x/crypto/pbkdf2"
@ -34,11 +34,11 @@ type TwoFactor struct {

 // GenerateScratchToken recreates the scratch token the user is using.
 func (t *TwoFactor) GenerateScratchToken() (string, error) {
-	token, err := generate.GetRandomString(8)
+	token, err := util.RandomString(8)
 	if err != nil {
 		return "", err
 	}
-	t.ScratchSalt, _ = generate.GetRandomString(10)
+	t.ScratchSalt, _ = util.RandomString(10)
 	t.ScratchHash = hashToken(token, t.ScratchSalt)
 	return token, nil
 }
--- a/models/user.go
+++ b/models/user.go
@ -22,7 +22,6 @@ import (
 	"unicode/utf8"

 	"code.gitea.io/gitea/modules/base"
-	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@ -746,7 +745,7 @@ func IsUserExist(uid int64, name string) (bool, error) {

 // GetUserSalt returns a random user salt token.
 func GetUserSalt() (string, error) {
-	return generate.GetRandomString(10)
+	return util.RandomString(10)
 }

 // NewGhostUser creates and returns a fake user for someone has deleted his/her account.